Back to bug 1332090
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-05-02 08:09:00 UTC | Depends On | 1332091 | |
| Andrej Nemec | 2016-05-02 08:11:23 UTC | Blocks | 1332092 | |
| Andrej Nemec | 2016-05-05 08:22:05 UTC | Whiteboard | impact=important,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected | impact=important,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=affected |
| Prasad Pandit | 2016-06-06 13:10:33 UTC | CC | prasad | |
| | | Whiteboard | impact=important,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=affected | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected |
| Prasad Pandit | 2016-06-06 13:12:22 UTC | Depends On | 1343081 | |
| Prasad Pandit | 2016-06-06 13:12:40 UTC | Depends On | 1343082 | |
| Prasad Pandit | 2016-06-06 13:40:16 UTC | Whiteboard | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected |
| Prasad Pandit | 2016-06-06 13:41:12 UTC | Depends On | 1343100 | |
| Prasad Pandit | 2016-06-06 13:41:27 UTC | Depends On | 1343101 | |
| Prasad Pandit | 2016-06-06 13:44:32 UTC | Depends On | 1343103 | |
| Prasad Pandit | 2016-06-07 04:53:43 UTC | Doc Text | OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. And arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. | |
| Doran Moppert | 2016-06-07 04:58:26 UTC | Whiteboard | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=CWE-172,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected |
| Prasad Pandit | 2016-06-09 09:06:38 UTC | Depends On | 1344243 | |
| Prasad Pandit | 2016-06-09 09:22:41 UTC | Whiteboard | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected | impact=low,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected |
| Prasad Pandit | 2016-06-09 09:37:28 UTC | Whiteboard | impact=low,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected |
| Prasad Pandit | 2016-06-22 17:30:07 UTC | Priority | high | medium |
| | | Severity | high | medium |
| Summer Long | 2016-06-23 05:15:29 UTC | CC | slong | |
| | | Doc Text | OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. And arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. | OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. |
| Andrej Nemec | 2016-07-11 13:21:30 UTC | Whiteboard | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=cwe-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected |
| Tomas Hoger | 2016-10-28 12:55:45 UTC | Doc Text | OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. | An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger buffer overflow or information leak. |
| Martin Prpič | 2016-10-31 13:09:18 UTC | Doc Text | An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger buffer overflow or information leak. | An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. |
| Tomas Hoger | 2017-03-21 09:02:05 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-03-21 05:02:05 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160428,reported=20160428,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-194,fedora-all/ocaml=affected,rhel-7/ocaml=affected,rhel-6/ocaml=affected,epel-5/ocaml=notaffected,rhel-7/libguestfs=affected,rhel-6/libguestfs=affected | |